I am interested in establishing a single user login at my office that has about 60 machines total running on the network. This is a heterogeneous network with AIX, Linux, and Windows. I am wondering if I am better off spending my time reading up and trying to establish an LDAP server and then use that to authenticate or whether Kerberos will satisfy my needs.
LDAP, by itself, will not give you single sign on. It may give you a single password/authentication mechanism, but you will still have to log in to each application or server individually.
To answer your question, you're going to have to inventory all of the servers and services in use at your site, and then research each one to see if they support LDAP or kerberos login. If they all support kerberos, then shoot for that. Beware however, that your kerbers authentication server will have to be kept very secure in order to make sure that the rest of the network is not compromised. Everything will be exposed to an attacker who can take your KDC.
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
